security: Escape sql credentials during install (#7494)

This commit is contained in:
Tony Murray
2017-10-17 11:49:56 +01:00
committed by Neil Lathwood
parent 6e379bfbbd
commit 96ccc49026
+1 -1
View File
@@ -44,7 +44,7 @@ $cmd = $config['install_dir'] . '/build-base.php -l';
foreach ($db_vars as $var => $opt) {
if ($_SESSION[$var]) {
$cmd .= " -$opt {$_SESSION[$var]}";
$cmd .= " -$opt " . escapeshellarg($_SESSION[$var]);
}
}